package com.project.web.admin.utils.shiro;

import org.apache.commons.lang.StringUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * 扩展的自定义权限验证
 */
public class FramePermissionsAuthorizationFilter extends
        PermissionsAuthorizationFilter {

    @Override
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        HttpServletRequest req = (HttpServletRequest) request;
        Subject subject = getSubject(request, response);
        String uri = req.getServletPath();
        if (StringUtils.isBlank(uri)) {
            uri = "/";
        }
        boolean permitted = subject.isPermitted(uri);
        return permitted;
    }
}
